Once your environment is created, the next step is to identify the device groups that will have. A group contains devices to which the same set of rules will be applied, through Profiles. For example, in a sales force use case, I might have one group with the salespersons’ devices, another with the sales supervisors’ devices. and a third with the sales managers’ devices. Groups are organized in a hierarchical way and can have subgroups. For example, each of the groups above can have subgroups according to region or branch.
After the groups are defined, the profiles that apply to the devices in each of them must be defined. Profiles are sets of rules. Each profile is associated with one or more groups. There are several types of profiles, each for a specific type of rules. The figure below shows the types of profiles that exist in cloud4mobile.
A group can only have a single profile of a given type. The profiles of a group apply to all its subgroups, in a ‘fall back’ scheme. That is, if a subgroup does not have a profile of a certain type, but its ‘parent’ group does have a profile of this type, the parent group profile applies to the subgroup.
Profile types can belong to one of the categories below:
- Android: Uses only Android’s native MDM API (library)
- Android with Samsung Knox: Only for Samsung devices with Knox; in addition to the Android API, it also uses the Samsung Knox API
- Android Enterprise: For devices from any manufacturer that have Android 6 or higher, and Google Play Services; in addition to the Android API, it also uses the Android Enterprise API
The category that offers the most robust management is Android Enterprise. It is recommended that it be used whenever possible.
On Android Enterprise, three different device ‘modes of use’ are possible:
- ‘Device Owner’ mode: the device is owned by the Company and is fully controlled by it, through cloud4mobile; it is the most common mode for field teams, where the user must use the device to perform a specific and normally restricted process;
- BYOD mode (‘Bring Your Own Device’): the device belongs to the user, who has full control over it; however, the user allows the Company to have a ‘Work Profile’ in the device, over which the Company has control, through cloud4mobile; the user can, at any time, remove the work profile from the device; in this mode of use, a Launcher profile shall not be applied to the device;
- COPE (‘Corporate Owned, Personally Enabled’) mode: the device belongs to the Company, but the user can have a ‘personal profile’ in the device; the user has full control over his personal profile, to which cloud4mobile does not have access; the cloud4mobile profiles defined for the device are all applied to the Work Profile; in this mode of use, a Launcher profile shall not be applied to the device;
For more information on usage modes, see Groups, Profiles and modes of use in the Help Center:
One last note about profiles: profiles from different categories can apply to the same group of devices. The allowed combinations are:
- Android with all other categories
- Android Enterprise with Samsung Knox
